Netgate Discussion Forum

    Multiwan with force push openvpn traffic over the group

      KOTRz

      I've been trying to get a multi-WAN up and running and then push all ovpn traffic via the grouped gw. Strangely enough, the traffic gets pushed normally via a single WAN with no problem, but with a grouped multi-WAN I couldn't make it happen. Is this possible after all?

      H.Hassan
      Sam Networks
      website: http://www.samnetworks.co.uk

        jimp Rebel Alliance Developer Netgate

        You can use multi-WAN with OpenVPN client traffic, you just need to:

        a. Make sure the clients can connect to both WANs – if they connect to WAN1 and you take down WAN1, they will not be able to get out
        b. Make sure to use the gateway group on rules on the OpenVPN tab for Internet-bound traffic. Keep in mind you'll need a separate pass rule above those without a gateway set if they need to reach LAN or other local networks.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

          KOTRz

          Thanks a lot,
          so just to get this right,
          I will write down the steps.
          1. Make sure the VPN is created as an interface.
          2. DON'T include the VPN interface within the multi-WAN group (keep it separate).
          3. Create a firewall rule for the (OVPN interface), not the OVPN that is created by default, and make sure the rules are like this:
          Src: OVPN Iface
          Dest: LAN Iface
          GW: default
          Then create a rule for:
          Src: OVPN Iface
          Dest: Any
          GW: OVPN Iface.
          Is this correct?

            jimp Rebel Alliance Developer Netgate

            Unless I've misunderstood your original request, no, you don't need anything like that.

            This is assuming you're talking about having remote access OpenVPN clients connect to both your WANs and use Multi-WAN for their Internet-bound traffic coming across the VPN:

            a: Make sure clients can connect to both WANs:
            1. Set the Interface for the VPN to Localhost
            2. Add port forwards to both WANs to forward your OpenVPN port for this server to localhost (127.0.0.1) on the same port

            b: Use gateway groups on OpenVPN rules:
            1. Firewall > Rules, OpenVPN tab
            2. Add a rule at the top of the list to match from a source of this server's tunnel network, destination is your local LAN, without a gateway set
            3. Add a rule just under the previous rule to match from a source of this server's tunnel network, destination is "any", using your existing gateway group.

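The rule order from the last answer, modeled as an added example (not part of the thread and not pfSense code): a simplified top-down, first-match evaluator that shows why the no-gateway LAN rule must sit above the gateway-group rule, plus a check that flags the wrong order. The tunnel network, LAN subnet, client addresses and the group name `MultiWAN_Group` are constructed assumptions.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
TUNNEL = "10.0.8.0/24"       # OpenVPN server tunnel network
LAN = "192.168.1.0/24"       # local LAN
ANY = "0.0.0.0/0"
GROUP = "MultiWAN_Group"     # hypothetical gateway group name

def rule(src, dst, gateway=None):
    """One pass rule on the OpenVPN tab; gateway=None means no gateway set."""
    return {"src": ipaddress.ip_network(src),
            "dst": ipaddress.ip_network(dst),
            "gateway": gateway}

def egress(rules, src_ip, dst_ip):
    """Evaluate top-down, first match wins; return how the packet leaves."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if src in r["src"] and dst in r["dst"]:
            # A gateway on the rule policy-routes; otherwise the routing table decides.
            return r["gateway"] or "routing table"
    return "blocked"  # nothing matched

def policy_routed_local_nets(rules, tunnel, local_nets):
    """Local networks that VPN clients would be policy-routed away from."""
    tunnel = ipaddress.ip_network(tunnel)
    bad = []
    for net in map(ipaddress.ip_network, local_nets):
        for r in rules:
            if tunnel.subnet_of(r["src"]) and net.subnet_of(r["dst"]):
                if r["gateway"]:
                    bad.append(str(net))
                break  # only the first matching rule matters
    return bad

# Order from the answer above: LAN rule without a gateway, then the group rule.
GOOD = [rule(TUNNEL, LAN), rule(TUNNEL, ANY, GROUP)]
# Same rules in the wrong order: the gateway-group rule shadows the LAN rule.
BAD = [rule(TUNNEL, ANY, GROUP), rule(TUNNEL, LAN)]

if __name__ == "__main__":
    for name, rules in (("good", GOOD), ("bad", BAD)):
        print(name,
              egress(rules, "10.0.8.6", "192.168.1.10"),
              egress(rules, "10.0.8.6", "203.0.113.7"),
              policy_routed_local_nets(rules, TUNNEL, [LAN]))
```

With the rules reversed, LAN-bound client traffic matches the gateway-group rule first and is sent toward the WANs instead of the LAN.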
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.